May 10, 2014 03:42PM

This has not been fixed in current nginx releases, this is not
directly related to nginx either, the problem is outdated terminal
emulators would parse the potentially malicious commands in the log
file. This answer explains it

Kurt Cancemi

On Sat, May 10, 2014 at 2:59 PM, B.R. <> wrote:
> I just saw something strange on
> "An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all"
> Severity is labelled as 'None', though the CVE talks, among other stuff,
> about 'arbitrary commands and file write'.
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?
> ---
> B. R.
> _______________________________________________
> nginx mailing list

nginx mailing list
Subject Author Posted

Strange advisory

B.R. May 10, 2014 03:02PM

Re: Strange advisory

x64architecture May 10, 2014 03:42PM

RE: Strange advisory

Lukas Tribus May 10, 2014 03:46PM

Re: Strange advisory

B.R. May 11, 2014 12:28AM

Re: Strange advisory

itpp2012 May 11, 2014 05:12AM

Re: Strange advisory

Valentin V. Bartenev May 13, 2014 04:24AM

Re: Strange advisory

B.R. May 13, 2014 09:46AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 141
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready